{"id":13536012,"url":"https://github.com/AonCyberLabs/Windows-Exploit-Suggester","last_synced_at":"2025-04-02T02:32:06.401Z","repository":{"id":18429300,"uuid":"21613236","full_name":"AonCyberLabs/Windows-Exploit-Suggester","owner":"AonCyberLabs","description":"This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.","archived":true,"fork":false,"pushed_at":"2023-05-11T12:44:55.000Z","size":164,"stargazers_count":3866,"open_issues_count":33,"forks_count":1013,"subscribers_count":169,"default_branch":"master","last_synced_at":"2024-05-20T11:03:52.766Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/AonCyberLabs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2014-07-08T13:16:28.000Z","updated_at":"2024-05-20T04:57:50.000Z","dependencies_parsed_at":"2023-10-20T17:29:51.172Z","dependency_job_id":null,"html_url":"https://github.com/AonCyberLabs/Windows-Exploit-Suggester","commit_stats":null,"previous_names":["gdssecurity/windows-exploit-suggester"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AonCyberLabs%2FWindows-Exploit-Suggester","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AonCyberLabs%2FWindows-Exploit-Suggester/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AonCyb
erLabs%2FWindows-Exploit-Suggester/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AonCyberLabs%2FWindows-Exploit-Suggester/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/AonCyberLabs","download_url":"https://codeload.github.com/AonCyberLabs/Windows-Exploit-Suggester/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":221934364,"owners_count":16904124,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T09:00:33.622Z","updated_at":"2024-11-03T01:30:16.430Z","avatar_url":"https://github.com/AonCyberLabs.png","language":"Python","funding_links":[],"categories":["Privilege Escalation","Python (1887)","Python","漏洞库、漏洞靶场","🚀 Elevating Privileges","Windows"],"sub_categories":["Windows","网络服务_其他","Tools"],"readme":"DESCRIPTION\n=========== \nThis tool compares a targets patch levels against the Microsoft vulnerability\ndatabase in order to detect potential missing patches on the target. 
It also\nnotifies the user if there are public exploits and Metasploit modules\navailable for the missing bulletins.\n\nIt requires the 'systeminfo' command output from a Windows host in order to\ncompare that against the Microsoft security bulletin database and determine the \npatch level of the host.\n\nIt has the ability to automatically download the security bulletin database\nfrom Microsoft with the --update flag, and saves it as an Excel spreadsheet.\n\nWhen looking at the command output, it is important to note that it assumes\nall vulnerabilities and then selectively removes them based upon the hotfix\ndata. This can result in many false-positives, and it is key to know what\nsoftware is actually running on the target host. For example, if there are\nknown IIS exploits it will flag them even if IIS is not running on the\ntarget host.\n\nThe output shows either public exploits (E), or Metasploit modules (M) as\nindicated by the character value. \n\nIt was heavily inspired by Linux_Exploit_Suggester by Pentura.\n\nBlog Post: \"Introducing Windows Exploit Suggester\", https://blog.gdssecurity.com/labs/2014/7/11/introducing-windows-exploit-suggester.html\n\nUSAGE\n=====\nupdate the database\n```\n$ ./windows-exploit-suggester.py --update\n[*] initiating...\n[*] successfully requested base url\n[*] scraped ms download url\n[+] writing to file 2014-06-06-mssb.xlsx\n[*] done\n```\ninstall dependencies\n\n(install python-xlrd, $ pip install xlrd --upgrade)\n\nfeed it \"systeminfo\" input, and point it to the microsoft database\n```\n$ ./windows-exploit-suggester.py --database 2014-06-06-mssb.xlsx --systeminfo win7sp1-systeminfo.txt \n[*] initiating...\n[*] database file detected as xls or xlsx based on extension\n[*] reading from the systeminfo input file\n[*] querying database file for potential vulnerabilities\n[*] comparing the 15 hotfix(es) against the 173 potential bulletins(s)\n[*] there are now 168 remaining vulns\n[+] windows version identified as 'Windows 7 SP1 
32-bit'\n[*] \n[M] MS14-012: Cumulative Security Update for Internet Explorer (2925418) - Critical\n[E] MS13-101: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2880430) - Important\n[M] MS13-090: Cumulative Security Update of ActiveX Kill Bits (2900986) - Critical\n[M] MS13-080: Cumulative Security Update for Internet Explorer (2879017) - Critical\n[M] MS13-069: Cumulative Security Update for Internet Explorer (2870699) - Critical\n[M] MS13-059: Cumulative Security Update for Internet Explorer (2862772) - Critical\n[M] MS13-055: Cumulative Security Update for Internet Explorer (2846071) - Critical\n[M] MS13-053: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2850851) - Critical\n[M] MS13-009: Cumulative Security Update for Internet Explorer (2792100) - Critical\n[M] MS13-005: Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778930) - Important\n[*] done\n```\n\npossible exploits for an operating system can be used without hotfix data\n```\n$ ./windows-exploit-suggester.py --database 2014-06-06-mssb.xlsx --ostext 'windows server 2008 r2' \n[*] initiating...\n[*] database file detected as xls or xlsx based on extension\n[*] getting OS information from command line text\n[*] querying database file for potential vulnerabilities\n[*] comparing the 0 hotfix(es) against the 196 potential bulletins(s)\n[*] there are now 196 remaining vulns\n[+] windows version identified as 'Windows 2008 R2 64-bit'\n[*] \n[M] MS13-009: Cumulative Security Update for Internet Explorer (2792100) - Critical\n[M] MS13-005: Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778930) - Important\n[E] MS11-011: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2393802) - Important\n[M] MS10-073: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (981957) - Important\n[M] MS10-061: Vulnerability in Print Spooler 
Service Could Allow Remote Code Execution (2347290) - Critical\n[E] MS10-059: Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege (982799) - Important\n[E] MS10-047: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (981852) - Important\n[M] MS10-002: Cumulative Security Update for Internet Explorer (978207) - Critical\n[M] MS09-072: Cumulative Security Update for Internet Explorer (976325) - Critical\n```\n\nLIMITATIONS\n===========\nCurrently, if the 'systeminfo' command reveals 'File 1' as the output for\nthe hotfixes, it will not be able to determine which are installed on\nthe target. If this occurs, the list of hotfixes will need to be \nretrieved from the target host and passed in using the --hotfixes flag.\n\nIt currently does not separate 'editions' of the Windows OS such as\n'Tablet' or 'Media Center' for example, or different architectures, such as\nItanium-based only.\n\nFalse positives also occur where it assumes EVERYTHING is installed\non the target Windows operating system. If you receive the 'File 1'\noutput, try executing 'wmic qfe list full' and feed that as input\nwith the --hotfixes flag, along with the 'systeminfo'\n\nLICENSE\n=======\nThis program is free software: you can redistribute it and/or modify\nit under the terms of the GNU General Public License as published by\nthe Free Software Foundation, either version 3 of the License, or\n(at your option) any later version.\n\nThis program is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\nGNU General Public License for more details.\n\nYou should have received a copy of the GNU General Public License\nalong with this program.  
If not, see \u003chttp://www.gnu.org/licenses/\u003e.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FAonCyberLabs%2FWindows-Exploit-Suggester","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FAonCyberLabs%2FWindows-Exploit-Suggester","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FAonCyberLabs%2FWindows-Exploit-Suggester/lists"}